
Penetration Tester Pen Tester

Snell & Wilmer Business Professional Openings
Full-time
On-site
Phoenix, Arizona, United States

Snell & Wilmer, one of the largest and most prestigious law firms in the western United States, is currently looking to fill a Penetration Tester position. You will have the opportunity to work remotely in this position, located near one of the firm’s following office locations: Salt Lake City, Utah; Dallas, Texas; Las Vegas, Nevada; or Phoenix or Tucson, Arizona.


You will be responsible for threat hunting, triage and management of findings from conducted Penetration Tests and providing guidance for security best practices.


What you will do:



  • Perform or manage various types of offensive security tests to identify potential risks, including:


    • Network, Mobile, and Application Penetration Testing

    • Source Code Reviews

    • Cloud Security Assessments

    • Attack Surface Management

    • Adversarial Simulation/Red Teaming

    • Vulnerability Assessments

    • Hardware/Device Security assessments


  • Test and validate security controls protecting production systems.

  • Investigate and evaluate risks identified from threat intelligence sources.

  • Analyze and evaluate security vulnerabilities, identifying and classifying possible threats.

  • Help implement best practices to improve system and application security.

  • Develop detailed reports to document findings and recommend solutions.

  • Present findings and recommendations to stakeholders and partners.

  • Ensure compliance with applicable regulations and industry standards by conducting tests and testing procedures.

  • Automate repeatable security tests.

  • Research, recommend, and track security-related technology solutions.


The position responsibilities may include, but are not limited to the following:



  • Plan, scope, coordinate, and execute penetration tests from initiation to closure.

  • Carry out application & network testing of the cloud to expose weaknesses in security.


    • Black/white/gray box testing

    • Manual testing

    • Automated testing


  • Plan, create and execute penetration attack methods, scripts, and tests using the current policies and processes.

  • Simulate security breaches to test a system's relative security.

  • Work with the business to determine test requirements.

  • Understand how identified flaws could affect a business, or business function, if they're not fixed.

  • Create reports and recommendations from findings.

  • Collaborate with other teams to act as an advisor on methods to fix or lower security risks.


Experience and Qualifications:



  • Formal training and certification in cybersecurity engineering concepts.   

  • 2 plus years of ‘fingers on keyboard’ experience conducting “manual” penetration testing and vulnerability assessments to include, but not limited to:

    • Network testing

    • Application testing

    • Black/white/gray box testing

    • Manual/Automated testing



  • Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies

  • Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation.

  • Experience working in a public cloud environment (e.g. AWS, GCP or Azure)

  • Ability to manually conduct a penetration test

  • Proficient in coding in one or more languages (e.g. Python, Bash, Java, C++, PowerShell…)

  • Overall knowledge of the Software Development Life Cycle

  • Strong understanding of infrastructure/cloud architecture and security testing approaches. This will include using tools, manual testing, and various testing techniques.

  • Ability to independently conduct and lead security assessments.

  • Ability to represent/convey information, both verbally and in writing, to multiple organization levels.

  • Ability to explain/convey technical vulnerabilities to technical/non-technical 3rd parties.

  • Subject to International Traffic in Arms Regulations ("ITAR") compliance


Certifications: 


Candidate is expected to have one or more of the following certifications:



  • OSCP

  • CEH

  • GPEN

  • CEPT


Snell & Wilmer offers competitive performance-based compensation and a generous benefits package starting on your first day. The benefits package includes medical, dental, vision, disability, life insurance, 401K/profit sharing, paid holidays, tuition reimbursement and paid time off including vacation time, personal time, and sick time where appropriate. Snell & Wilmer values the principles of Diversity, Equity, and Inclusion. Be Seen, Be Heard, Be Valued, Belong.
 


We are an Equal Employment Opportunity employer.